<?php
/**
* This action save respone of selected request
*/
//GREP:HARDCODEDTEXT2
if (!defined("EXPONENT")) exit("");
global $db, $user;

$request = $db->selectObject("rsrequest_item","id=" . intval($_POST['rid']));

if ($request && (
    exponent_users_isAdmin() || (exponent_permissions_check('edit',$loc)
            || exponent_permissions_check('administrate',$loc)
    )))
{   
    
    $respone=null;
    // change some fields
    $respone->content=_ab_safe_html_string($_POST['content']);
    $respone->request_type = 1;
    $respone->parent_id = $request->id;
    $respone->request_date = time();
    $respone->user_id = $user->id;
    $respone->unread = 1;
    $respone->admin_unread = 0;
    $respone->location_data = $request->location_data;
    $respone->email = $request->email;
    $respone->fullname= $request->fullname;
    $respone->phone = $request->phone;
    
    $db->insertObject($respone, "rsrequest_item");
    
    // we must change the state of the request to read
    $request->unread=0;
    $request->admin_unread=0;
    $db->updateObject($request, "rsrequest_item");
    
    exponent_flow_redirect();
}
else
{
    echo SITE_404_HTML;
}

if (isset($_POST['id'])) {
	$rsnews = $db->selectObject("rsnewsitem","id=" . intval($_POST['id']));
	if ($rsnews != null) {
		$loc = unserialize($rsnews->location_data);
		$iloc = exponent_core_makeLocation($loc->mod,$loc->src,$rsnews->id);
	}
	$rsnews->editor = $user->id;
	$rsnews->edited = time();
} else {
	$rsnews->posted = time();
	$rsnews->poster = ($user?$user->id:0);
	$rsnews->edited = time();
}

if ((isset($rsnews->id) && exponent_permissions_check("edit_item",$loc)) ||
	(!isset($rsnews->id) && exponent_permissions_check("add_item",$loc)) ||
	($iloc != null   && exponent_permissions_check("edit_item",$iloc))
) {

	//Get and save the image
        if ($_FILES['file']['name'] != '') {
                $dir = 'files/rsnewsmodule/'.$loc->src;
                $file = file::update('file',$dir,null);
		//eDebug($file);
                if (is_object($file)) {
                        $rsnews->file_id = $db->insertObject($file,'file');
                } else {
                        // If file::update() returns a non-object, it should be a string.  That string is the error message.
                        $post = $_POST;
                        $post['_formError'] = $file;
                        exponent_sessions_set('last_POST',$post);
                        header('Location: ' . $_SERVER['HTTP_REFERER']);
			exit();
                }
        }

	//Get and add the tags selected by the user
	if (isset($_POST['tags'])) $rsnews->tags = serialize(listbuildercontrol::parseData($_POST,'tags'));
	$rsnews = rsnewsitem::update($_POST,$rsnews);

	//not sure why this is here - added by James?
	/*if (!isset($rsnews->id) && $db->countObjects('rsnewsitem',"internal_name='".$rsnews->internal_name."'")) {
		unset($_POST['internal_name']);
		$_POST['_formError'] = 'That Internal Name is already taken';
		exponent_sessions_set('last_POST',$_POST);
		header('Location: ' . $_SERVER['HTTP_REFERER']);
		exit('');
	}
	*/

	$rsnews->location_data = serialize($loc);

	if (!defined("SYS_WORKFLOW")) require_once(BASE."subsystems/workflow.php");
	exponent_workflow_post($rsnews,"rsnewsitem",$loc);
} else {
	echo SITE_403_HTML;
}

?>
